Privacy Policy

When you create an account we collect your name, email address, and billing information. We do not store full card numbers; payment processing is handled by Stripe.

When you add vendors to monitor, we store the vendor names, domains, and any metadata you provide. We do not access your vendors' internal systems.

We collect standard server logs: IP addresses, browser type, pages visited, and timestamps. These are retained for 90 days for security and debugging purposes.

We use your account information to provide the service, send you alerts, and communicate about your subscription.

Vendor data you submit is used exclusively to run our monitoring engine on your behalf. It is never sold, shared with other customers, or used to train models.

Aggregate, anonymized usage patterns may be used to improve the product. This data cannot be traced back to you or your vendors.

We do not sell your personal information. Period.

We share data only with sub-processors necessary to operate the service: Stripe (payments), Vercel (infrastructure), and Resend (transactional email). Each is bound by a data processing agreement.

We may disclose information if required by law, court order, or to protect the rights and safety of OpenPostern, our users, or the public.

We use a single first-party session cookie to keep you signed in. We do not use third-party advertising cookies or tracking pixels.

Our analytics are privacy-preserving and do not fingerprint individual users. We do not use Google Analytics.

Your account data is retained for as long as your account is active. If you cancel, we delete your personal data within 30 days and vendor data within 90 days.

You may request immediate deletion at any time by emailing privacy@openpostern.com.

All data is encrypted in transit via TLS 1.3 and at rest via AES-256. Access to production databases is restricted to a minimum set of employees and requires hardware MFA.

We conduct penetration testing annually and remediate critical findings within 72 hours of discovery.

Depending on your jurisdiction you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email privacy@openpostern.com and we will respond within 30 days.

Residents of the EU and UK may also lodge a complaint with their local data protection authority.

We will notify you by email at least 14 days before making material changes to this policy. Continued use of the service after the effective date constitutes acceptance.

Questions about this policy: privacy@openpostern.com

Mailing address: OpenPostern, Inc. · 340 Pine Street, Suite 800 · San Francisco, CA 94104